From a9fee44bc9f6fb09cdd2585a5649ecf2ad03ecdd Mon Sep 17 00:00:00 2001
From: Nicolas Pena <npm@chromium.org>
Date: Tue, 7 Nov 2017 14:08:29 +0000
Subject: More FX_SAFE_INT32 in CJBig2_TRDProc

Bug: chromium:781780
Change-Id: Ie92d8b570c37e9b3364d1ff4502f444a275ee6c2
Reviewed-on: https://pdfium-review.googlesource.com/17910
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>
---
 core/fxcodec/jbig2/JBig2_TrdProc.cpp | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)

diff --git a/core/fxcodec/jbig2/JBig2_TrdProc.cpp b/core/fxcodec/jbig2/JBig2_TrdProc.cpp
index f033c9bfea..332e5868ac 100644
--- a/core/fxcodec/jbig2/JBig2_TrdProc.cpp
+++ b/core/fxcodec/jbig2/JBig2_TrdProc.cpp
@@ -32,13 +32,14 @@ std::unique_ptr<CJBig2_Image> CJBig2_TRDProc::decode_Huffman(
   FX_SAFE_INT32 STRIPT = INITIAL_STRIPT;
   STRIPT *= SBSTRIPS;
   STRIPT = -STRIPT;
-  int32_t FIRSTS = 0;
+  FX_SAFE_INT32 FIRSTS = 0;
   uint32_t NINSTANCES = 0;
   while (NINSTANCES < SBNUMINSTANCES) {
-    int32_t DT;
-    if (pHuffmanDecoder->decodeAValue(SBHUFFDT, &DT) != 0)
+    int32_t INITIAL_DT;
+    if (pHuffmanDecoder->decodeAValue(SBHUFFDT, &INITIAL_DT) != 0)
       return nullptr;
 
+    FX_SAFE_INT32 DT = INITIAL_DT;
     DT *= SBSTRIPS;
     STRIPT += DT;
     bool bFirst = true;
@@ -49,7 +50,7 @@ std::unique_ptr<CJBig2_Image> CJBig2_TRDProc::decode_Huffman(
         if (pHuffmanDecoder->decodeAValue(SBHUFFFS, &DFS) != 0)
           return nullptr;
 
-        FIRSTS = FIRSTS + DFS;
+        FIRSTS += DFS;
         CURS = FIRSTS;
         bFirst = false;
       } else {
@@ -265,14 +266,15 @@ std::unique_ptr<CJBig2_Image> CJBig2_TRDProc::decode_Arith(
   FX_SAFE_INT32 STRIPT = INITIAL_STRIPT;
   STRIPT *= SBSTRIPS;
   STRIPT = -STRIPT;
-  int32_t FIRSTS = 0;
+  FX_SAFE_INT32 FIRSTS = 0;
   uint32_t NINSTANCES = 0;
   while (NINSTANCES < SBNUMINSTANCES) {
     FX_SAFE_INT32 CURS = 0;
-    int32_t DT;
-    if (!pIADT->decode(pArithDecoder, &DT))
+    int32_t INITIAL_DT;
+    if (!pIADT->decode(pArithDecoder, &INITIAL_DT))
       return nullptr;
 
+    FX_SAFE_INT32 DT = INITIAL_DT;
     DT *= SBSTRIPS;
     STRIPT += DT;
     bool bFirst = true;
-- 
cgit v1.2.3